3 from framework import VppTestCase, VppTestRunner
4 from template_ipsec import IPsecIPv4Params
7 class IpsecApiTestCase(VppTestCase):
8 """ IPSec API tests """
11 super(IpsecApiTestCase, self).setUp()
12 self.create_pg_interfaces([0])
16 self.vpp_esp_protocol = 1
17 self.vpp_ah_protocol = 0
18 self.ipv4_params = IPsecIPv4Params()
21 self.pg0.unconfig_ip4()
23 super(IpsecApiTestCase, self).tearDown()
25 def test_backend_dump(self):
27 d = self.vapi.ipsec_backend_dump()
28 self.assert_equal(len(d), 2, "number of ipsec backends in dump")
29 self.assert_equal(d[0].protocol, self.vpp_ah_protocol,
30 "ipsec protocol in dump entry")
31 self.assert_equal(d[0].index, 0, "index in dump entry")
32 self.assert_equal(d[0].active, 1, "active flag in dump entry")
33 self.assert_equal(d[1].protocol, self.vpp_esp_protocol,
34 "ipsec protocol in dump entry")
35 self.assert_equal(d[1].index, 0, "index in dump entry")
36 self.assert_equal(d[1].active, 1, "active flag in dump entry")
38 def test_select_valid_backend(self):
39 """ select valid backend """
40 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 0)
41 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 0)
43 def test_select_invalid_backend(self):
44 """ select invalid backend """
45 with self.vapi.assert_negative_api_retval():
46 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 200)
47 with self.vapi.assert_negative_api_retval():
48 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 200)
50 def test_select_backend_in_use(self):
51 """ attempt to change backend while sad configured """
52 params = self.ipv4_params
53 addr_type = params.addr_type
54 is_ipv6 = params.is_ipv6
55 scapy_tun_sa_id = params.scapy_tun_sa_id
56 scapy_tun_spi = params.scapy_tun_spi
57 auth_algo_vpp_id = params.auth_algo_vpp_id
58 auth_key = params.auth_key
59 crypt_algo_vpp_id = params.crypt_algo_vpp_id
60 crypt_key = params.crypt_key
62 self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
63 auth_algo_vpp_id, auth_key,
64 crypt_algo_vpp_id, crypt_key,
66 self.pg0.local_addr_n[addr_type],
67 self.pg0.remote_addr_n[addr_type],
68 is_tunnel=1, is_tunnel_ipv6=is_ipv6)
69 with self.vapi.assert_negative_api_retval():
70 self.vapi.ipsec_select_backend(
71 protocol=self.vpp_ah_protocol, index=0)
73 self.vapi.ipsec_sad_add_del_entry(scapy_tun_sa_id, scapy_tun_spi,
74 auth_algo_vpp_id, auth_key,
75 crypt_algo_vpp_id, crypt_key,
77 self.pg0.local_addr_n[addr_type],
78 self.pg0.remote_addr_n[addr_type],
79 is_tunnel=1, is_tunnel_ipv6=is_ipv6,
81 self.vapi.ipsec_select_backend(
82 protocol=self.vpp_ah_protocol, index=0)
85 if __name__ == '__main__':
86 unittest.main(testRunner=VppTestRunner)